SQL Injection


Posted Date: 10 Jun 2008    Resource Type: Definitions    Category: General

Posted By: Kumar Velu       Member Level: Diamond
Rating:     Points: 5



SQL Injection is simply a term describing the act of passing SQL code into an application that was not intended by the developer. In fact, many of the problems that allow SQL injection are not the fault of the database server per se but rather are due to poor input validation and coding at other code layers.



Responses

Author: Rajaram    10 Jun 2008    Member Level: Silver   Points : 2
SQL Injection is a threat which explores the holes in the application revealing the internals of the database. This also gives control of the database to the hacker.


Author: Kapil Dhawan    11 Jun 2008    Member Level: Gold   Points : 0
good


Author: Kumar Velu    11 Jun 2008    Member Level: Diamond   Points : 2
SQL Injection is a threat which explores the holes in the application revealing the internals of the database. This also gives control of the database to the hacker.

It's also accepted.



Author: Kumar Velu    12 Jun 2008    Member Level: Diamond   Points : 2
It is a trick to inject an SQL query/command as input, possibly via web pages. Many web pages take parameters from the web user and make an SQL query to the database. Take, for instance, when a user logs in: the web page takes that user name and password and makes an SQL query to the database to check if the user has a valid name and password. With SQL Injection, it is possible for us to send a crafted user name and/or password field that will change the SQL query and thus grant us something else.

Solution to avoid SQL injection:

1) Use parameters with stored procedures.
2) Use parameters with dynamic SQL.
3) Avoid the use of dynamically generated SQL in your code.
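
The login check described in the post above, as an added example that is not part of the original post: it compares a concatenated query with a parameterized one (item 2 of the list). Assumptions: Python's built-in `sqlite3` stands in for the .NET data layer, and the table, accounts, function names and inputs are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database holding constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    # Constructed rows; a real system stores salted password hashes.
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s3cret"), ("o'brien", "pa55")])
    return db

def build_concatenated_query(name, password):
    """Vulnerable pattern: user input becomes part of the SQL text."""
    return ("SELECT COUNT(*) FROM users WHERE name = '" + name +
            "' AND password = '" + password + "'")

def login_concatenated(db, name, password):
    """Returns True/False, or None when the input broke the SQL syntax."""
    try:
        row = db.execute(build_concatenated_query(name, password)).fetchone()
    except sqlite3.OperationalError:
        return None
    return row[0] > 0

def login_parameterized(db, name, password):
    """Fix: the SQL text is constant and input is bound as data only."""
    row = db.execute(
        "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?",
        (name, password)).fetchone()
    return row[0] > 0

if __name__ == "__main__":
    db = make_db()
    cases = [("alice", "s3cret"),      # valid login
             ("alice' --", "wrong"),   # constructed input that alters the query
             ("o'brien", "pa55")]      # legitimate name containing a quote
    for name, pw in cases:
        print(repr(name), "concatenated:", login_concatenated(db, name, pw),
              "parameterized:", login_parameterized(db, name, pw))
```

The concatenated version accepts the altered query and also fails on a legitimate name containing an apostrophe, while the parameterized version handles both inputs as plain data.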

